OCI Integration Guide

The following guide covers the steps to integrate your Oracle Cloud Infrastructure (OCI) data with Vega Cloud.

note

OCI is in Open Preview and is not Generally Available (GA) at this time. This guide is currently written for Oracle tenancies that use identity domains. More information about release phases may be found here.

OCI Console

Step 1: Create an IAM User

For Vega Cloud to receive access to Oracle Data, we require an OCI user in the platform. This allows you to control access given to our organization for authorized resources.

  1. Log in to the Oracle console.
  2. Search for Domains, one of Oracle's Identity services, in the search bar at the top.
  3. Choose the specific Domain under the compartment that you intend to grant Vega access to.
  4. In the domain interface, locate and select the Users tab from the left-hand menu.
  5. Click Create User and provide the necessary details. We suggest including Vegacloud somewhere in the name/email for easy identification. After entering the required information, click Create.

Step 2: Set up an API signing Key

The administrator within your organization must create a key pair specifically for signing Vega API requests. Oracle registers the public key from the pair against the user, while the private key needs to be added to the Vega platform.

Once the user is created, proceed with the following steps:

  1. Select the user from the Users tab created in Step 1.
  2. On the bottom left, navigate to the API Keys tab under Resources and select Add API Key.
  3. Next, you have the option to generate the key pair. You can download the private key.
    1. If you already possess a key pair, you can instead choose to upload or paste your public key file. Generating an API key pair is recommended.
  4. After generating the key pair, select Download Private Key and Download Public Key.
    1. The private key will be essential moving forward.
  5. Finally, select the Add button.
  6. Upon completion, a configuration file snippet is displayed containing the basic authentication information needed to use the user's credentials in the SDK, CLI, or other OCI developer tools.
  7. Copy this snippet to the text editor of your preference. Vega will require this information alongside developer tools to authenticate against Oracle.

info

Make sure to keep the Private Key .pem content handy, as it will be used in the following steps.

Step 3: Add user to a group

Access to infrastructure within OCI is governed at the group level in a domain, rather than individually for each user. As a result, to secure access to resources, a Vega user must be included in the group linked with the requisite IAM policies, thereby granting the necessary permissions.

info

You can create a user group or add the Vega user from Step 1 to an existing group.

If a group has not been established, follow these steps:

  1. Navigate to Identity and then Domain.
    1. Identity > Domain
  2. On the left-hand menu select Groups.
    1. Identity > Domains > <YOUR_SELECTED_DOMAIN_NAME_HERE>
  3. Click on Create Group.
  4. Fill out the required fields, including the name and description of the group.
  5. Add the Vega user from Step 1 to this group.
  6. After all the necessary details are provided, select Create.

Step 4: Create access policies

Create an IAM policy using the following policy statements and attach it to the user group from Step 3.

In the Oracle Console:

  1. Navigate to Identity and then Policies.

    1. Identity > Policies
  2. If the policy has not been created, select Create Policy.

  3. Fill out Name and Description, and copy the following into the Policy Statement Manual Editor. Note that if your group belongs to a domain other than Default, <YOUR_GROUP_NAME_HERE> should be replaced with 'DOMAIN_NAME'/'GROUP_NAME'.

    Option 1 - If the desired OCI Compartment is the Root Compartment:
    info

    This is the OCID of Oracle's special tenancy where CUR files live. You can read more about it here.

    • define tenancy reporting as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
    • endorse group <YOUR_GROUP_NAME_HERE> to read objects in tenancy reporting
    • Allow group <YOUR_GROUP_NAME_HERE> to read all-resources in tenancy
    Option 2 - If the desired OCI Compartment is a child Compartment:
    info

    COMPARTMENT_NAME is the name of the compartment you wish to grant access to.

    • Allow group <YOUR_GROUP_NAME_HERE> to read all-resources in compartment <COMPARTMENT_NAME>
  4. After pasting the policy statement(s), select Create Policy.

  5. Once the policy is created, it is then attached to the user group from Step 3.
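
A check that the policy attached to the Vega group stays at the read level the statements above grant, as an added example (not Vega's or Oracle's code). The group name 'Default'/'vegacloud-readers', the function name `audit_policy` and the fourth sample statement are constructed for illustration.

```python
import re

VERBS = ("inspect", "read", "use", "manage")  # OCI verbs, least to most privileged
STATEMENT_RE = re.compile(
    r"^(?P<kind>allow|endorse)\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>.+)$", re.IGNORECASE)

# Constructed sample: the guide's Option 1 statements plus one over-broad line.
SAMPLE_POLICY = """\
define tenancy reporting as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
endorse group 'Default'/'vegacloud-readers' to read objects in tenancy reporting
Allow group 'Default'/'vegacloud-readers' to read all-resources in tenancy
Allow group 'Default'/'vegacloud-readers' to manage object-family in tenancy
"""


def audit_policy(text, group, max_verb="read"):
    """Return (line number, finding) pairs for statements beyond what the guide asks for."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.lower().startswith("define "):
            continue  # define only names a tenancy; it grants nothing
        m = STATEMENT_RE.match(line)
        if not m:
            # Anything that is not "allow/endorse group ..." needs a human look.
            findings.append((n, "unparsed statement, review by hand"))
            continue
        verb = m["verb"].lower()
        if verb not in VERBS:
            findings.append((n, f"unknown verb {verb!r}"))
        elif VERBS.index(verb) > VERBS.index(max_verb):
            findings.append((n, f"verb {verb!r} exceeds {max_verb!r}"))
        # Group names without spaces are assumed; compare case-insensitively.
        if m["group"].lower() != group.lower():
            findings.append((n, f"grants to unexpected group {m['group']}"))
    return findings
```

Run it over the statements copied from the policy's editor; an empty list means every grant to the group is `inspect` or `read`.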

info

Now you can head over to the Vega Platform.

Vega Platform

Create OCI Provider Account

Now we need to create the Provider Account in the Vega Platform to connect to your Oracle Cloud Infrastructure (OCI) data.

  1. Go to Settings and Add a Provider Account. (Select Oracle Cloud Infrastructure.)

  2. Enter your OCI information in the dialog. This information can be found in the configuration file snippet from Step 2 in the Oracle Console section.

    Option 1 - If the desired OCI Compartment is the Root Compartment:
    info

    Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is checked.

    • Tenancy OCID: The OCID of the tenancy / root compartment.
    • Private Key: The content of the private key downloaded earlier
    • Fingerprint: The fingerprint of the Private Key file
    • Home Region Identifier: Home Region ID of the root Compartment
    • User OCI: The user OCID created above
    • Vega Account Alias (optional): An optional name to give your Provider Account
    • Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.
    Option 2 - If the desired OCI Compartment is a child Compartment:
    info

    Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is not checked.

    • Compartment OCID: The OCID of the desired Compartment.
    • Tenancy OCID: The OCID of the Tenancy that the Compartment resides in.
    • Parent Compartment OCID: The OCID of the direct parent Compartment.
    • Private Key: The content of the private key downloaded earlier
    • Fingerprint: The fingerprint of the Private Key file
    • Home Region Identifier: Home Region ID of the root Compartment
    • User OCI: The user OCID created above
    • Vega Account Alias (optional): An optional name to give your Provider Account
    • Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.

    tip

    If you aren't ready for your accounts to be ingested by Vega yet, you can toggle the 'Enabled' switch to 'Disabled' to prevent data ingestion.

  3. Click Link Account to link the account and start the discovery process.
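
The configuration file snippet from Step 2 can be checked before its values are pasted into the dialog above. The following is an added example (not Vega's or Oracle's code); the sample snippet values, the function name `vega_fields` and the treatment of the snippet's `region` as the home region are assumptions.

```python
import configparser
import re

# Constructed sample of the console's configuration file snippet; all values are fake.
SAMPLE_SNIPPET = """\
[DEFAULT]
user=ocid1.user.oc1..aaaaaaaaexampleuser
fingerprint=0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9
tenancy=ocid1.tenancy.oc1..aaaaaaaaexampletenancy
region=us-ashburn-1
key_file=<path to your private keyfile> # TODO
"""

OCID_RE = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9.]+$")
FINGERPRINT_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){15}$")
# Snippet key -> (dialog field label from this guide, expected OCID resource type)
OCID_FIELDS = {"tenancy": ("Tenancy OCID", "tenancy"), "user": ("User OCI", "user")}


def vega_fields(snippet, private_key_pem):
    """Map the snippet onto the dialog fields; return (fields, problems)."""
    cp = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=("#",))
    cp.read_string(snippet)
    profile = cp["DEFAULT"]
    fields, problems = {}, []
    for key, (label, rtype) in OCID_FIELDS.items():
        fields[label] = profile.get(key, "")
        m = OCID_RE.match(fields[label])
        if not m:
            problems.append(f"{label}: not an OCID")
        elif m.group(1) != rtype:
            # Catches the user and tenancy OCIDs being pasted into each other's field.
            problems.append(f"{label}: is a {m.group(1)} OCID, expected {rtype}")
    fields["Fingerprint"] = profile.get("fingerprint", "").lower()
    if not FINGERPRINT_RE.match(fields["Fingerprint"]):
        problems.append("Fingerprint: expected 16 colon-separated hex bytes")
    # Assumption: the snippet's region is the tenancy home region; confirm in the console.
    fields["Home Region Identifier"] = profile.get("region", "")
    if not fields["Home Region Identifier"]:
        problems.append("Home Region Identifier: missing")
    # The dialog takes the key content itself, not the snippet's key_file path.
    if "PRIVATE KEY-----" not in private_key_pem:
        problems.append("Private Key: not private-key PEM content")
    fields["Private Key"] = private_key_pem
    return fields, problems
```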